package com.filter;

import lombok.extern.slf4j.Slf4j;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * xss
 *  执行顺序：过滤器 -> 拦截器 -> aop -> 业务逻辑 -> 拦截器的post方法 -> filter的destroy
 *  zj: 依赖servlet、独立于spring  重写request： extends HttpServletRequestWrapper
 */
@Slf4j
//@WebFilter(urlPatterns = "/*", filterName = "xssFilter")
public class XssFilter implements Filter {
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        log.info("init ....");
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        /**
         * 1. 重写getParamter方法
         * 2. 在getParamter中判断属性,然后对特殊字符进行编码,使用官方提供的工具类.
         * 3. 继续提交请求
         */
        HttpServletResponse rep= (HttpServletResponse) response;
        rep.setHeader("Set-Cookie","cookiename=cookievalue; path=/; Domain=domainvaule; Max-age=seconds; HttpOnly");
        chain.doFilter(new XssHttpServletRequestWrapper(
                (HttpServletRequest) request), rep);
    }

    @Override
    public void destroy() {
        log.info("destroy ....");
    }
}
